I am about to start Offensive-Security "Cracking the Perimeter (CTP)" course, which leads to the OSCE exam.

Having done "Pentesting with Backtrack (PWB)", I know the guys at Offensive-Security will once again provide me with a tough but excellent course.

To get ready, I have spent the last 2 weeks getting back to Intel x86 Assembly programming. Call me crazy, but I actually enjoy coding in assembly! I bought a 60 day lab package and my goal is, in order:

1) Go through all videos and do all exercises.

2) Start hacking machines in the lab and build my "toolbox".

3) After the lab time is over, spend a month or two in my own lab working on my weaknesses.

4) Once I feel I master what is in the course content, buy another 30 days of lab and start getting ready for the exam.

So for those who have done both courses, did you change your approach from PWB to CTP?

I am very excited to start this course! I am ready to suffer once again!

I think the greatest advantage you have right now is that you know how Offensive Security works. By now you know what approach they want to see when you attack a box and what technical techniques they like to see when you exploit it. And last but not least, you will know the suffering involved to reach the goal but that is something you like, apparently :P

CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

Seriously, I pay for my training and being a consultant, I don't get paid when I sit in a classroom. So only training is good for me. In addition, as you know, Offensive Security provides excellent training materials. So to me, it is the best bang for my buck.

And like you mentioned, I will approach this course completely differently than PWB. A lot more seriously, and I am way more humble.

Last thing, I believe that if I aim low, I will get low results. But if I aim high, it either works or I would have learned a ton of things! Either way, I win!

I took a good study break and finished my kitchen's floor. Nothing better than manual work to relax from studying!

Right now I'm halfway with the CTP training, and I don't think the approach from PWB fits here, since you don't have a similar environment where you are free to attack and compromise whatever you want. Once you receive your material you'll understand what I mean.

The thing that will help you most in OSCE is to verify you really understand each lesson as it is presented. For instance, you will be walked through an exercise, then you will have to complete it on your own. You should try this:

1) Do the exercise with the video

2) At end of chapter, re-create the exercise referencing the manual

3) Rinse and Repeat until you don't need to reference the manual at all

This takes more time, but the worst time to figure out that you didn't really get what was going on is during the exam. Also, don't be afraid to reference other material. When I didn't get the explanation of something, I hit up Google and on occasion found some complementary stuff which helped.

I am 5 weeks into OSCE. It's quite different than OSCP which I passed a few months ago. The lab is small and there are not 50 extra boxes to pop in this compared to OSCP. Extra practice is really on your own. I've been talking with other OSCEs and found out that a good way to practice is to hit exploit-db and try to recreate the exploits you see there. For example, take an exploit and write it in a different language from scratch or use a different method like an egghunter if that wasn't used in the original exploit. Also download DVWA and try to pwn it in your sleep.

The course material and video modules for this are so gnarly. I love it. I honestly thought it would all be way over my head but if you put the time in, you'll get it. It's another tremendously well thought out and challenging course. I'll be taking the challenge in about a month.

1) Do the exercise with the video

2) At end of chapter, re-create the exercise referencing the manual

3) Rinse and Repeat until you don't need to reference the manual at all

That's what I learned the hard way for OSCP. Understanding what they do in the videos is quite easy compared to doing it yourself. I take good note of this.

I've been talking with other OSCEs and found out that a good way to practice is to hit exploit-db and try to recreate the exploits you see there. For example, take an exploit and write it in a different language from scratch or use a different method like an egghunter if that wasn't used in the original exploit. Also download DVWA and try to pwn it in your sleep.

That's a good idea. I will keep this in mind.

I have another question: How good should you be in Assembly? I am currently going through Vivek's video (www.securitytube.net) and it is going quite well. It's been 13 years since I used it in university and I was pretty rusty. My guess is I will know enough for OSCE after I am done with these videos. At the very least, I should be able to read 90% of any assembly code without reference. Am I going too far or not enough?

You've already done more than I did before I started. I had basic assembly knowledge but I can assure you, if you listen and watch Mati intently in the videos, he drops little hints along the way that give you an idea of what is "possible." I feel 1000% times better in a debugger than I did when I started just by watching and re-watching the videos and then re-creating the modules.

3) Excellent idea, know your strengths and your weaknesses. That is one of the ways to succeed.

The most important thing is that if you don't understand something in one of the modules, take your time to research about it so you understand exactly what was covered during the course, and try to go beyond so you know more than what is covered during the course, when you're attempting the examination.

Feel free to message me on IRC, I'm usually idling there 24/7 but I'm of course also online on occasion